Bug 143894

Summary: Use ASan poisoning to taint moved-out-of Refs
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: Web Template FrameworkAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, benjamin, cmarcelo, commit-queue, darin
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch none

Alexey Proskuryakov
Reported 2015-04-17 13:55:14 PDT
It has been suggested that we can taint Refs to check that they are not used after moving out. I'm not sure if we can practically expect to catch any bugs (the pointer is already zeroed out), but this seems easy enough to do, and harmless. Could catch something one day. <rdar://problem/19443723>
Attachments
proposed patch (1.70 KB, patch)
2015-04-17 13:56 PDT, Alexey Proskuryakov 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2015-04-17 13:56:50 PDT
Created attachment 251042 [details] proposed patch
Sam Weinig
Comment 2 2015-04-17 15:33:58 PDT
Comment on attachment 251042 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=251042&action=review > Source/WTF/wtf/Ref.h:38 > +#if ASAN_ENABLED > +extern "C" void __asan_poison_memory_region(void const volatile *addr, size_t size); > +extern "C" void __asan_unpoison_memory_region(void const volatile *addr, size_t size); > +extern "C" bool __asan_address_is_poisoned(void const volatile *addr); > +#endif I think this should probably be in Compiler.h, since it seems like this could be generally useful. Perhaps we should also put it behind some nicer macros / inline functions.
WebKit Commit Bot
Comment 3 2015-04-17 15:46:47 PDT
Comment on attachment 251042 [details] proposed patch Clearing flags on attachment: 251042 Committed r182977: <http://trac.webkit.org/changeset/182977>
WebKit Commit Bot
Comment 4 2015-04-17 15:46:53 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.